Hiring managers asking impractical questions during an interview?

Remedymp

Have any of you here ever been in an interview where the hiring manager ask several impractical questions that are very left field from the role you applied for?:

EnderWiggin

Not sure if this is the kind of thing you're looking for, but I once had an interview panel with five people, and four of the five asked me how I 'fit into a team environment.' To this day, I can't figure out if they were looking for me to change my answer, if they weren't paying attention, or what..... I ended up getting an offer though, so..........

UncleB

Remedymp wrote: »

Have any of you here ever been in an interview where the hiring manager ask several impractical questions that are very left field from the role you applied for?:

You have to give us some suggestion what you consider left field.

Remember that part of the interview process can be to see hoow you react to the unexpected or to questions outside your comfort zone. The way you respond to these tells us volumes about how good you can be at your job.

Getting someone merely capable is easy but getting someone really good is invaluable and finding people who are capable of responding well to unexpected challenges and thinking outside the box is part of the search for this.

NavyMooseCCNA

A Linux team lead I knew had a habit of asking deep in the weeds theoretical Linux questions. One time he asked a question that went something like "What would you do if you had a print server running an unknown distro of Linux on your network?" the answer given was correct with "I would immediately turn it off and look for who put it on the network.

jelevated

UncleB wrote: »

Remember that part of the interview process can be to see hoow you react to the unexpected or to questions outside your comfort zone. The way you respond to these tells us volumes about how good you can be at your job.

Getting someone merely capable is easy but getting someone really good is invaluable and finding people who are capable of responding well to unexpected challenges and thinking outside the box is part of the search for this.

Exactly. Its like those jelly bean questions. not really looking for the answer but how you approach. Amazing how many people will completely blow the interview on one of these. "Jelly beans? How the fsck should i know???"

cyberguypr

I always ask questions that are way outside the scope of the role. Like UncleB said, what I try to gauge with this is the thought process and resourcefulness of the candidate when faced with unfamiliar topics. I do not expect a right answer, so I don't dock points for intelligent attempts. However, there's two things I don't accept: "I don't know" followed by silence, or attempts to bluff. I hope they tell me they will google, escalate, call vendor, or whatever other action they can come up with other than giving up and crossing their arms.

Remedymp

I was asked one of the questions: What would I do if an IP made a successful connection to a MySQL DB. But, the client owner of the company did NOT know if the IP was legitimate or not nor did they know have a user to as well.

How would you assess this?

Danielm7

I was in a security analyst interview and the one hiring manager kept asking me questions about calling in homeland security. Things like, "if you found a laptop running TOR, at what point do you call in homeland security? How about if it was in the finance dept, do you tell your manager first or call DHS first?" I told him that it sounded oddly specific and blushed a little and said it's a problem they were just dealing with, then he left. After he left the other interviews said the guy basically calls DHS for everything, they sort of humor him and then move on. Note, this was not a .gov related position at all.

Remedymp

REMOVED UNNECESSARY QUOTE

It's really odd ball things like that turn me off even when they make a offer. No TY.

Danielm7

Remedymp wrote: »

It's really odd ball things like that turn me off even when they make a offer. No TY.

Totally, he was already on his way out the door and that's why everyone mocked him when he left the room. I took the risk since everyone else seemed cool and it worked out.

BlackBeret

I may have had a previous team asking questions like "What is your spirit animal?". Is this far enough out to left field to qualify? Sometimes we just like to see how people operate when put on the spot.

zeitgeist29

It seems odd but it can describe how you view yourself and how other people view you. Just a different way of asking a personality question. I'd prefer that to giving 5 words that describes myself. I actually would prefer to pick a spirit animal for sure.

UncleB

Remedymp wrote: »

I was asked one of the questions: What would I do if an IP made a successful connection to a MySQL DB. But, the client owner of the company did NOT know if the IP was legitimate or not nor did they know have a user to as well.

How would you assess this?

It sounds like they had exactly this experience and I would guess they had a bunch of jobsworth staff who wouln't / couldn't own the issue because it was just too left field for them.

In this scenario I would get together players from the following teams:
-security
-database
-support manager

Explain what you found, ask if anyone can explain it and if not, ask the manager if they think it should be treated as a potential intrusion of your network and get security and management to own their parts.

If you are not one of these staff then you stand back and let the process owners do their job but offer assistance if they need it (eg sending out comms, calling in consultants etc).

If you are one of these teams then you should know your role to play in this - if you don't, get reading up on it.

Lastly if it is a small company and there is no security person then the answer is to block the source IP address until you can get a security consultant to get involved - this is way too important to entrust to someone lacking the right skills. You would watch and learn from the consultant then continue learning to cover this weakness in the company skillset.

That's my thoughts.

Remedymp

My response was to check IP range and use CentOPS to verify it and run the IP across Virustotal. If nothing is suspicious, ask the client who from that location would be working at this time (off business hours). Check the frequency of that connection from the logs and if the client can't provide an answer, just block it.

However, my recommendation to the client, is to create a whitelist of IPs that will be within the scope of connecting to the SQL box and begin using tokens to authenticate to the instance.


This, however, was not a sufficient recommendation according to the hiring manager.

TheFORCE

One time i was asked if i knew what is the population of the Big Apple. lol

scaredoftests

I had to take one of those personality tests online (so stupid). The woman, then asked for me to come in person to interview (or so I thought). She spent 45 MINUTES going over the test and then says 'we are too much alike', we would not work well together. WTF. I took a shower for this crap?

jamesleecoleman

scaredoftests wrote: »

I had to take one of those personality tests online (so stupid). The woman, then asked for me to come in person to interview (or so I thought). She spent 45 MINUTES going over the test and then says 'we are too much alike', we would not work well together. WTF. I took a shower for this crap?

Sounded like she was looking for a partner.

UncleB

Remedymp wrote: »

This, however, was not a sufficient recommendation according to the hiring manager.

What sort of role was it for?

Remedymp

Security technical writer. Basically, technical documentation for what engineers who build firewalls and IDS/IPS.

UnixGuy

Oh boy, I have so many stories.


1) A Security "analyst" job advertised, looking for skills in vulnerability assessment, pen testing, packet analysis.

Interviewed by the "security team" ..one hour interview... ALL the questions were about Windows administration, and I stated clearly that I was never a Windows admin in my career. No, they didn't get the hint. they went on "What's the option in Active Directory that does this...how do you create a group in Windows this"..

Then I had to ask them...do you guys do any pentesting? they said no we have a company that does that.

Do you guys do any vuln management? No

So basically they don't do anyting security related apart from Installing AV on windows Desktops, configuring AD, and calling third party companies to do 'security' for them...but hey, they watch the companies do security work for them so they must be dangerous hackers?? I kid you not, one guy was wearing a black hat during the interview.




2) another interview, a guy started asking me command line options in Linux...I'm talking "what option do you use to configure ACL group on a linux directory.."...he went on and on. My Unix experience is solid, so I asked him "what options do you use to configure RAID on two disks" he said, I don't remember, I told him..does this make you a bad Admin??? Does this have anything to do with Vulnerability management?


Bottom line...the industry is full of clowns, there is no way around.

Remedymp

This really confirms that the industry is a mess.

ITSec14

@UnixGuy
That's pretty bad...

Can we really call these people clowns though? I personally blame the companies doing the hiring. Retention is awful in IT. No company wants to pay what people are worth, lack of training, stagnant projects and lack of decent budgets. I can't sit back and ridicule someone for wanting to grow their career, no matter how bad they might be. We should be mentoring people looking to rise up, not holding them back. That's why there's a skills shortage in the first place.

blatini

"We all here have picked our own superheroes that identify us. I am Wolverine, he's Beast. What super hero would you be?"

"Morph."

"Why?"

"I always thought he had the coolest power and his laugh was crazy"

"You know he's an ******* right?"

"Ya I guess I never really kept up with comic books. I just always thought his power was cool"

They both looked at each other and rolled their eyes. I didn't get the job.

byron66

You're joking right?

blatini

Nope. I am not sure if that was the main reason I didn't get the job but the rest of the interview (30min) was significantly more awkward.

For whatever it is worth Morph was a guy who could change his appearance to whatever he wanted to. Maybe they figured I was into fraud since I chose him?

scaredoftests

I was asked how old I was and how long did I plan on working from one place.

NavyMooseCCNA

scaredoftests wrote: »

I was asked how old I was and how long did I plan on working from one place.

Employers aren't allowed to ask you things like your age or your marital status.

scaredoftests

NavyMooseCCNA wrote: »

Employers aren't allowed to ask you things like your age or your marital status.

I know that, but these idiots did not. it was such a strange interview (this was about 4 years ago).

UnixGuy

ITSec14 wrote: »

...
Can we really call these people clowns though? I personally blame the companies doing the hiring....

I'm calling a Spade a Spade.

Like the guy who was asking me command options in linux clearly had a chip on his shoulder on why I have that much Unix experience. The questions were completely irrelevant and if you remember all the options in all the commands, you're a man page not a human..and you're a bad engineer.

The problem is that the clowns hire clowns, they become managers, leaders, executives, 'senior engineers'. qualified people have no patience working for them.

And by the way, the above examples were jobs paying more than 140K a year, one was a health care provider and the other was a financial institutions. Big names!

One has to be really strategic in this field. It's not regulated and things change quickly.

Also, watch out for all the 'Cloud hackers'. They were able to create an instance on AWS...therefore they're architects. I can go on and on I try and focus on my own path, growth, and getting into places that I want, and being surrounded by like minded people.